Malwarebytes has released a new report detailing the current tactics and techniques being used by cybercriminals to gain access to business networks and sensitive data.

Malwarebytes’ Cybercrime Tactics and Techniques Q1 2019 was compiled using data collected by its intelligence, and data science teams and telemetry from its consumer and business products between January 1 and March 31, 2019.

The report reveals there has been a 235% increase in cyberattacks on corporate targets in the past 12 months. There has also been a marked decline in cryptomining and other threats on consumers, which fell by 40% in 2018. It is clear from the report that cybercriminals are concentrating their efforts on attacking businesses and SMBs are most at risk as they typically lack the resources to significantly improve their cybersecurity defenses.

The report shows that Trojans are currently the biggest malware threat. Attacks involving Trojans are up 650% from the same time last year and attacks increased by 200% in Q1, 2019. The biggest threat is Emotet, which Malwarebytes describes as the “most fearsome and dangerous threat to businesses today.”

Emotet is now almost exclusively used to attack businesses. Emotet is an information stealer most commonly spread via phishing emails and the EternalBlue exploit. It has self-propagation functionality and can send copies of itself via email to contacts. It can also download other malware variants such as Ryuk ransomware.

While ransomware attacks on businesses declined in 2018, they are now on the rise and increased by 195% in the first quarter of 2019. Compared to this time last year, ransomware detections at businesses are up by more than 500%. Malwarebytes notes that the large increase in detections in 2019 is, to a large extent, due to a massive Troldesh ransomware campaign targeting U.S businesses in Q1. There were 336,634 detections of ransomware at businesses in Q1, 2019. As is the case with Trojans, ransomware attacks on consumers have also declined and are down 33% on this time last year.

Even though ransomware attacks were down in 2018, the FBI’s Internet Crime Complaint Center (IC3) indicates losses are up. $3.6 million in losses were reported to IC3 in 2018, although it should be noted that not all businesses declare ransomware attacks or the losses sustained, so the true figure is likely to be considerably higher. Further, those losses concern ransom payments, not other losses associated with the attacks.

Crytocurrency mining malware is still a major threat for businesses, although attacks on consumers are essentially negligible since CoinHive shut down its operations in March.

The use of adware has increased, in particular on mobile and Mac devices. Mac malware detections were up 60% in Q1, 2019 while adware detections were up 200% on Q4, 2018.

Cybersecurity protections have improved in the healthcare industry, although there is still considerable room for improvement. “The healthcare industry is no longer circling the drain, but it’s still in critical condition,” explained Malwarebytes.

As with other industry sectors, Trojans are the biggest malware threat and account for 79% of malware detections at healthcare organizations. Riskware is the second biggest threat. While riskware is not inherently malicious, it is capable of altering the functionality of other programs and can prevent patches from being installed which leaves healthcare organizations vulnerable to attack. Ransomware, spyware, and worms each account for 3% of malware detections at healthcare organizations.

Emotet accounted for 37% of all healthcare industry Trojan detections. 34% were Trojans that posed as legitimate Microsoft files.

Cryptocurrency mining malware is also commonly used in attacks on healthcare organizations. Malwarebytes notes that 17% of healthcare systems showed signs of having this type of malware installed.

Ransomware attacks continue to plague the healthcare industry. While many variants are used, what is worrying is that WannaCry (WannaCrypt) is still in use and is affecting a wide range of industry sectors, including healthcare. This threat can be blocked with the MS17-010 patch that was released in March 2017, yet many healthcare organizations are still vulnerable as the patch has not been applied.

The most common spyware infections were secondary infections that occurred following infection with either Trickbot or Emotet. The spyware serves as information stealers that run in the background and capture keystrokes and send them back to the attackers’ C2 servers.

Worm.Parite is the only worm threat affecting the healthcare sector, which is most commonly distributed via emailed .exe. and .scr files. Worms can spread rapidly across a network and leaves systems vulnerable to further exploitation and malware attacks.

About HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal's goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.